From ab42decbd1f07fa9be7f23b5775ef93d5cd31e33 Mon Sep 17 00:00:00 2001
From: Fredrik Jonsson <frjo@xdeb.org>
Date: Sat, 14 Sep 2019 00:18:49 +0200
Subject: [PATCH] Set the COOKIE_SECURE env var to true to mark the session and
 CSRF cookies as Secure, so they are only sent over HTTPS. Also added a
 CSRF_COOKIE_SAMESITE example to local.py.example

---
 opentech/settings/base.py          | 4 ++++
 opentech/settings/local.py.example | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/opentech/settings/base.py b/opentech/settings/base.py
index 7d2b0b385..e5e94a16c 100644
--- a/opentech/settings/base.py
+++ b/opentech/settings/base.py
@@ -596,6 +596,10 @@ if env.get('SECURE_BROWSER_XSS_FILTER', 'true').lower().strip() == 'true':
 if env.get('SECURE_CONTENT_TYPE_NOSNIFF', 'true').lower().strip() == 'true':
     SECURE_CONTENT_TYPE_NOSNIFF = True
 
+if env.get('COOKIE_SECURE', 'false').lower().strip() == 'true':
+    SESSION_COOKIE_SECURE = True
+    CSRF_COOKIE_SECURE = True
+
 
 # Referrer-policy header settings
 # https://django-referrer-policy.readthedocs.io/en/1.0/
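Review bot: The new `COOKIE_SECURE` check on the added `if` line defaults to `'false'`, so the Secure flag on the session and CSRF cookies stays off unless a deployment explicitly opts in, while the neighbouring `SECURE_CONTENT_TYPE_NOSNIFF` check (and the `SECURE_BROWSER_XSS_FILTER` one in the hunk header) defaults to `'true'`. If the opt-in default is deliberate, presumably so that plain-HTTP local development keeps working, that reason is not recorded anywhere in the patch and the env var itself is undocumented. A comment above the block would capture it, e.g. `# COOKIE_SECURE=true marks the session and CSRF cookies Secure (sent over HTTPS only); off by default, so production deployments must set it explicitly.` Otherwise consider defaulting to `'true'` to match the other security settings in this block.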
diff --git a/opentech/settings/local.py.example b/opentech/settings/local.py.example
index 51c46d10d..af1a71bdd 100644
--- a/opentech/settings/local.py.example
+++ b/opentech/settings/local.py.example
@@ -25,3 +25,7 @@ CACHES = {
 
 # Enable Wagtail Cache while developing
 # WAGTAIL_CACHE = True
+
+# If you have a problem with "CSRF cookie not set".
+# CSRF_COOKIE_SAMESITE = None
+# SESSION_COOKIE_SAMESITE = None
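Review bot: The added comment only says when to uncomment `CSRF_COOKIE_SAMESITE = None` and `SESSION_COOKIE_SAMESITE = None`, not what the lines do or where they belong; since this is a settings template, a reader may carry them into a deployed settings file. Setting these to `None` removes the SameSite attribute from both cookies, which weakens the CSRF protection the attribute provides, so the comment should scope the workaround, e.g. `# Local development only: if you see "CSRF cookie not set", these drop the SameSite attribute from the CSRF and session cookies. Do not copy into a deployed settings file.`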
-- 
GitLab